Chief Information Security Officer, Director
Logistics Management Institute - With a legacy of solving the government’s most complex challenges and an outcome-driven model to execute above expectation, LMI transforms missions with solutions that define the new speed of possible.
LMI is a consultancy dedicated to powering a future-ready, high-performing government, drawing from expertise in digital and analytic solutions, logistics, and management advisory services. We deliver integrated capabilities that incorporate emerging technologies and are tailored to customers’ unique mission needs, backed by objective research and data analysis. Founded in 1961 to help the Department of Defense resolve complex logistics management challenges, LMI continues to enable growth and transformation, enhance operational readiness and resiliency, and ensure mission success for federal civilian and defense agencies.
Responsibilities
The LMI Chief Information Security Officer (CISO) will be responsible for securing the organization’s information systems, ensuring compliance with government regulations, and managing cybersecurity risks. The CISO drives implementing and running the enterprise Cybersecurity function from strategy to implementation to thought leadership. This will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks and information assets while supporting and advancing business objectives. The CISO position requires a visionary leader with sound knowledge of Federal government contractor business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.
Responsibilities:
- Develops and implements cybersecurity strategies that align with LMI’s goals, business objectives, and government security requirements.
- Establishes governance frameworks including policies, procedures, and governance structures to ensure cybersecurity is managed consistently across the organization.
- Regularly briefs executive leadership on the security posture, plans, and emerging threats.
- Ensures compliance with federal regulation and standards, including but not limited to: International Organization for Standardization (ISO) 2700X, ITIL, ENISA, ISA-62443, COBIT/Risk IT, NIST SP 800-53 (Risk Management Framework), NIST SP 800-171 (Controlled Unclassified Information), CMMC (Cybersecurity Maturity Model Certification), FISMA (Federal Information Security Management Act).
- Prepares the organization for and leads audit readiness, audits, and certifications related to government cybersecurity compliance.
- Identifies and manages cybersecurity risks, including third-party risks, insider threats, vulnerability assessments, incident response and recovery, and supply chain vulnerabilities.
- Ensures LMI’s information systems and data are protected and implements robust access controls, encryption standards, and other technical security measures on sensitive and classified information, including securing our cloud environments.
- Manages LMI’s security operations and oversees security operations centers (SOCs), ensuring continuous monitoring, detection, and response to security threats, including threat intelligence and incident handling.
- Stays informed on new cyber threats and deploys countermeasures to mitigate them.
- Collaborates with government entities and serves as the liaison between the contractor and government agencies for security matters, including audits, reporting, and remediation efforts, ensuring timely incident reporting to agencies such as the Department of Defense (DoD) and Department of Homeland Security (DHS).
- Implements cybersecurity awareness and training programs across the organization, particularly for employees handling sensitive or classified information.
- Manages third-party and supply chain security, ensuring subcontractors, third-party vendors, and solution providers adhere to cybersecurity requirements, including NIST SP 800-171 and CMMC.
- Develops, tests, and communicates business continuity and disaster recovery (BC/DR) plans.
- Allocates and manages the budget for cybersecurity initiatives, tools, and staff.
- Manages a cost-efficient information security organization, including hiring, training, staff development, performance management, and annual performance reviews.
Qualifications
Required Qualifications:
- Demonstrated experience and success in leadership roles in information security, risk management, and IT or OT security.
- Knowledge of information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, and those from NIST, including 800-53 and Cybersecurity Framework.
- Demonstrated experience leading support and response to external security audits.
- Degree in a STEM field (business IT related program), or equivalent work- or education-related experience.
- 10+ years of experience in cybersecurity or information security roles, with increasing levels of responsibility.
- Experience designing and implementing cybersecurity architectures, including secure network and system design, encryption, access control models, secure SDLCs, and securing cloud environments that handle government data, such as FedRAMP-authorized cloud services.
- Familiarity with firewalls, intrusion detection systems (IDS), endpoint protection, data loss prevention (DLP), and vulnerability management.
Preferred Qualifications:
- Graduate degree in a STEM field, or an IT Security or Cybersecurity program.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Experience establishing a Cyber Supply Chain Risk Management program.
- Previous experience as a corporate CISO or head of a Cybersecurity practice.
- Experience with federal agencies working directly with or for U.S. federal agencies, such as the Department of Defense (DoD) or Department of Homeland Security (DHS).
- TS/SCI with Full Scope Polygraph (or, if not, then TS/SCI with CI Polygraph).
- Experience maintaining IL6, SCIF, and SAP environments.
- Demonstrated ability to lead and motivate even when "dotted line" reporting lines exist.
#J-18808-Ljbffr